The web version of the recently written firewall requires the Linux system commands to be called in PHP, but firewall-related executions require administrator privileges to execute.
Under Ubuntu, Apache2 's running account defaults to Www-data, and by default it is not possible to get admin privileges via sudo. Checked, tried a few ways, done.
#1 just in case, check Apache's running account.
<? PHP exec ("WhoAmI",$output,$result); Print_r ($output);? >
Run and get the current account Www-data
#2 give sudo permission with Www-data, and password free
Command line input: Nano/etc/sudoers or Visudo
Insert a row www-data all= (all:all) Nopasswd:all
As shown
#3 applications
<? PHP exec ("sudo iptables-save",$output,$result); Print_r ($result);? >
As shown above, you can execute the shell under Administrator privileges
It is important to note that the actions above will pose a significant security risk to the server because Www-data users can elevate to administrator privileges without requiring a password. If Apache is taken down by the bad guys, then the server will be easily taken down ~ ~ Need to be cautious ~ ~
Ubuntu-sudo in PHP exec